OWASP Top 10 & WordPress Security (Page 3)

Please note: this post is incomplete & pending review.

A1 – Broken Authentication

A bit of a short post here, but the basic point is that login systems need to be rock solid. Luckily for us in the WordPress world, we have a solid system in place that has been growing and well maintained for 15 years:

WordPress core software manages user accounts and authentication, and details such as the user ID, name, and password are managed on the server side, as well as the authentication cookies. Passwords are protected in the database using standard salting and stretching techniques. Existing sessions are destroyed upon logout for versions of WordPress after 4.0.
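To make the three properties in that paragraph concrete (salted and stretched password hashes, server-side session state, and sessions that are actually destroyed on logout), here is an added illustration in Python. It is not WordPress's own code (core implements this in PHP with its own primitives and work factors); the PBKDF2 parameters, the hash string layout and the `SessionStore` class are all constructed for this example.

```python
import hashlib
import hmac
import os
import secrets

# Constructed parameters for this example. The point is the shape of the
# scheme: a per-password random salt, a deliberately slow iterated hash
# ("stretching"), and a constant-time comparison when checking.
HASH_NAME = "sha256"
ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$iterations$salt$digest' using a fresh random salt.

    Storing the salt and iteration count alongside the digest lets the
    verifier recompute the hash later and lets the work factor be raised
    for new passwords without breaking old records.
    """
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_{HASH_NAME}${iterations}${salt.hex()}${digest.hex()}"


def check_password(password: str, stored: str) -> bool:
    """Recompute the stretched hash with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != f"pbkdf2_{HASH_NAME}":
        return False
    digest = hashlib.pbkdf2_hmac(
        HASH_NAME, password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    # hmac.compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


class SessionStore:
    """Server-side session table. The browser only ever holds the raw token;
    the server keeps a hash of it, so a leaked table does not yield usable
    cookies, and logout removes the record rather than just expiring a cookie."""

    def __init__(self) -> None:
        self._sessions: dict[str, int] = {}  # sha256(token) -> user id

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def login(self, user_id: int, password: str, stored_hash: str):
        """Return a fresh session token on success, None on a bad password."""
        if not check_password(password, stored_hash):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[self._key(token)] = user_id
        return token

    def user_for(self, token: str):
        """Resolve a presented token to a user id, or None if no live session."""
        return self._sessions.get(self._key(token))

    def logout(self, token: str) -> None:
        """Destroy the session server-side so the old token can never be replayed."""
        self._sessions.pop(self._key(token), None)


if __name__ == "__main__":
    # Constructed demo account.
    record = hash_password("correct horse battery staple")
    store = SessionStore()
    token = store.login(7, "correct horse battery staple", record)
    print("logged in as", store.user_for(token))
    store.logout(token)
    print("after logout:", store.user_for(token))
```

Two details worth checking in any login implementation: hashing the same password twice must yield different strings (fresh salt each time), and a token that was valid before `logout` must resolve to nobody afterwards.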
